openssh升级sftp_Linux——OpenSSH如何升级到最新版本

前言

步骤

升级方法一

具体的内容请查看脚本内容

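#!/bin/bash
#
# Upgrade OpenSSH on a yum/systemd host by building OpenSSL 1.0.2r and
# OpenSSH 8.1p1 from source under /opt. Must be run as root.
#
# Security notes for anyone adapting this script:
#   * The version numbers are the ones the article was written against. Both
#     are old now (the OpenSSL 1.0.2 branch is no longer supported upstream);
#     check the upstream release pages and substitute maintained releases.
#   * Telnet is switched on as a fallback login path. It carries credentials
#     in cleartext and root is allowed on pts/0-2, so keep it reachable only
#     from a trusted management network and turn it off right after testing.
#   * /etc/ssh is replaced: the host keys are regenerated (clients will see a
#     host-key change) and sshd_config is reduced to the four lines below.

# Print a message to stderr and abort the upgrade.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Check a tarball against a SHA-256 digest supplied by the operator.
# $1 - file name, $2 - expected digest (empty: warn and continue).
verify_sha256() {
  local file=$1 expected=$2
  if [ -z "$expected" ]; then
    echo "WARNING: no digest supplied for $file; integrity not verified" >&2
    return 0
  fi
  echo "$expected  $file" | sha256sum -c - || die "checksum mismatch for $file"
}

## Show the current ssh / openssl versions and apply the packaged update first
cd /opt || die "cannot cd to /opt"
ssh -V
openssl version
yum update openssh -y

## Install, enable and start telnet as a fallback in case the ssh upgrade
## fails and the server can no longer be reached over ssh
# Globs are quoted so yum expands them, not the shell against files in /opt.
yum install -y 'telnet-server*' telnet xinetd
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd.service
# Permit root logins on the first three pseudo-terminals (needed for root over
# telnet). Entries already present are skipped so reruns do not duplicate them.
for tty in pts/0 pts/1 pts/2; do
  grep -qxF "$tty" /etc/securetty 2>/dev/null || echo "$tty" >>/etc/securetty
done

## Upgrade ssh
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
yum install -y 'pam*' 'zlib*'

# These tarballs are compiled and installed as root, and the OpenSSH one comes
# from a third-party mirror. Export OPENSSH_SHA256 / OPENSSL_SHA256 with the
# digests published by the upstream projects (or verify the upstream
# signatures by hand) before trusting them.
wget -c https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz ||
  die "download of openssh-8.1p1.tar.gz failed"
wget -c https://ftp.openssl.org/source/openssl-1.0.2r.tar.gz ||
  die "download of openssl-1.0.2r.tar.gz failed"
verify_sha256 openssh-8.1p1.tar.gz "${OPENSSH_SHA256:-}"
verify_sha256 openssl-1.0.2r.tar.gz "${OPENSSL_SHA256:-}"
tar xfz openssh-8.1p1.tar.gz || die "cannot unpack openssh-8.1p1.tar.gz"
tar xfz openssl-1.0.2r.tar.gz || die "cannot unpack openssl-1.0.2r.tar.gz"

# Build and install the new OpenSSL first; the system binary and headers are
# only moved aside once the replacement exists, so a failed build leaves the
# host as it was.
cd /opt/openssl-1.0.2r || die "cannot cd to /opt/openssl-1.0.2r"
if ! { ./config shared && make && make install; }; then
  die "OpenSSL build failed; system openssl left untouched"
fi
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
grep -qxF "/usr/local/ssl/lib" /etc/ld.so.conf ||
  echo "/usr/local/ssl/lib" >>/etc/ld.so.conf
/sbin/ldconfig
openssl version

# Compile OpenSSH before touching /etc/ssh, so a compile error cannot leave
# the server without an sshd configuration.
cd /opt/openssh-8.1p1 || die "cannot cd to /opt/openssh-8.1p1"
chown -R root:root /opt/openssh-8.1p1
if ! { ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make; }; then
  die "OpenSSH build failed; /etc/ssh left untouched"
fi

# The backup contains the private host keys and /tmp is not persistent: move
# it somewhere root-only if it has to be kept. Nothing is deleted unless the
# copy succeeded.
cp -r /etc/ssh /tmp/ || die "backup of /etc/ssh failed; nothing removed"
rm -rf /etc/ssh
make install || die "make install failed; restore the config with: cp -r /tmp/ssh /etc/"

# This replaces the whole sshd_config, so every hardening directive of the old
# file (compare with the listing printed below) is dropped. PermitRootLogin
# yes allows direct root password logins; tighten it once key-based access
# for an administrative account is confirmed.
cat > /etc/ssh/sshd_config <<'EOF'
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
UseDNS no
Subsystem sftp /usr/libexec/sftp-server
EOF
grep "^PermitRootLogin" /etc/ssh/sshd_config
# Effective directives of the previous configuration, for comparison
grep -v '#' /tmp/ssh/sshd_config | grep -v '^$'

# Switch from the packaged systemd units to the init script shipped in contrib/
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): sshd looks up its PAM service by name ("sshd" by default), so
# a file called sshd.pam is presumably never consulted, and the sshd_config
# written above does not set UsePAM - confirm whether PAM is meant to be used.
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
mv /usr/lib/systemd/system/sshd.service /opt/
mv /usr/lib/systemd/system/sshd.socket /opt/
chkconfig sshd on
# Make systemd forget the unit files that were just moved away
systemctl daemon-reload
# Refuse to restart on a configuration the new binary rejects; the running
# sshd keeps serving existing sessions in that case.
/usr/sbin/sshd -t || die "new sshd_config failed validation; sshd not restarted"
service sshd restart
openssl version
ssh -V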

关闭telnet服务

自测后如果没有问题的话,自行把telnet服务关闭

# Switch the temporary telnet fallback off once the upgraded sshd has been
# verified from a second session: first remove it from boot, then stop it.
# The pts/0-2 lines appended to /etc/securetty and the telnet-server package
# installed earlier are not touched here; review and remove them separately.
systemctl disable xinetd telnet.socket
systemctl stop xinetd.service telnet.socket

效果如下

升级方法二

确认gcc等工具已经安装好了

为了安全,这里直接屏蔽了 root 账户登录;升级前请确认已创建可通过 ssh 登录的非 root 账户

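## SSH upgrade: build OpenSSL 1.1.1g and OpenSSH 8.3p1 from tarballs that are
## already present in the current directory. Run as root.
#
# Fetch the tarballs from the upstream projects and verify their published
# signatures or digests first; they are compiled and installed as root.
# Keep a second login session open until the new sshd is confirmed working.
#
# The steps live in a function that uses `return`, so a failure stops the
# upgrade without closing the shell when the snippet is pasted interactively.
upgrade_openssh_from_source() {
  # Assumes both tarballs sit in the directory the upgrade is started from.
  local src_dir=$PWD

  tar -zxvf openssl-1.1.1g.tar.gz || return 1
  cd openssl-1.1.1g || return 1
  # Build before moving the system binary aside, so a failed build leaves the
  # host with a working openssl.
  if ! { ./config shared && make && make install; }; then
    echo "OpenSSL build failed; system openssl left untouched" >&2
    return 1
  fi
  mv /usr/bin/openssl /usr/bin/openssl.bak
  # Leading backslash bypasses any interactive `cp -i` alias
  \cp -rvf include/openssl /usr/include/
  ln -s /usr/local/bin/openssl /usr/bin/openssl
  ln -snf /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so
  ln -snf /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
  ln -snf /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so
  ln -snf /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
  ldconfig
  openssl version

  # Backup
  cp /usr/bin/ssh /usr/bin/ssh.bak
  cp /usr/sbin/sshd /usr/sbin/sshd.bak

  # Go back to the starting directory: the OpenSSH tarball is referenced by a
  # relative name and would not be found from inside openssl-1.1.1g.
  cd "$src_dir" || return 1
  tar -zxvf openssh-8.3p1.tar.gz || return 1
  cd openssh-8.3p1 || return 1
  # NOTE(review): OpenSSL was installed above under /usr/local, while
  # --with-ssl-dir points at /usr/local/ssl; the build presumably picks up the
  # headers and libraries linked into /usr/include and /usr/lib64 - confirm.
  if ! { ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords && make; }; then
    echo "OpenSSH build failed; /etc/ssh left untouched" >&2
    return 1
  fi
  # Move the old configuration aside only once the build has succeeded. The
  # install then creates a fresh /etc/ssh, so clients will see a changed host
  # key unless the old keys are copied back from /etc/ssh.bak.
  mv /etc/ssh /etc/ssh.bak || return 1
  if ! make install; then
    echo "make install failed; restore with: mv /etc/ssh.bak /etc/ssh" >&2
    return 1
  fi

  # Replace the start-up file and the PAM file
  cp ./contrib/redhat/sshd.init /etc/init.d/sshd
  chmod +x /etc/init.d/sshd
  # NOTE(review): configure above was run without --with-pam and the file is
  # installed as sshd.pam rather than sshd, so this copy presumably has no
  # effect on authentication - confirm.
  cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
  mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak
  # Register the init script for boot, as method one does; otherwise sshd may
  # not come back after a reboot once the packaged unit is gone.
  chkconfig --add sshd
  chkconfig sshd on
  systemctl daemon-reload
  # Do not restart onto a configuration the new binary rejects
  /usr/sbin/sshd -t || return 1
  systemctl restart sshd
  systemctl status sshd
}

upgrade_openssh_from_source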
